Caller and recipient alternate channel identity confirmation

ABSTRACT

A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication to reduce the potential for malicious third-party impersonation of the client. Pre-authorized customer support calls are intelligently and efficiently routed in a manner that reduces the opportunity for malicious call interference and information theft.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/570,796, entitled “CALLER AND RECIPIENT ALTERNATE CHANNEL IDENTITYCONFIRMATION” filed on Sep. 13, 2019. The contents of the aforementionedapplication are incorporated herein by reference in their entirety.

BACKGROUND

Call center services are typically provided by service providers toenable clients to access, modify, delete or otherwise manage theiraccounts. For security purposes and to otherwise support accounts, callcenters may store sensitive customer information, such as socialsecurity numbers, account numbers, account balances, email addresses,phone numbers, postal addresses and the like. Thus, call centers, andparticularly the communications between call centers and customers, arefrequently the targets of third parties who seek to access the sensitivecustomer information for identity theft and other malicious purposes.

To overcome this problem, customers may have to prove their identity toa call center, for example, by providing their sensitive information tothe call center for validation purposes. Such practices are known in theindustry, and consumers expect to provide such sensitive information tocall centers. As such, an understanding has evolved between call centersand consumers whereby the consumer trusts that the call center isauthorized to receive such information, and that the transmission ofsuch information is secure.

A problem arises when third parties, understanding this dynamic, pose ascall center agents and contact consumers, soliciting sensitiveinformation as part of a fraudulent authentication process. For example,a malicious third party may contact a consumer, posing as a serviceprovider representative, and describe an issue with their account thatrequires action; as a prelude to performing the action, the imposter mayrequest sensitive information under the pretense of validating theconsumer. Unfortunately, once the third party has obtained the sensitiveinformation, the consumers accounts are at risk. It would be desirableto minimize the exposure of consumers to losses associated with suchpractices.

SUMMARY

According to one aspect, a method for authenticating a communicationbetween a client and a service provider includes the steps of receiving,over a voice communication channel by a client device, a first serviceprovider communication from the service provider. The method furtherincludes receiving, over a application communication channel by theclient device an authentication of the first service providercommunication and a request seeking an authentication response includinga biometric input or an ownership input from the client. The method alsoincludes receiving, at a client interface of the client device, theauthentication response and forwarding the authentication response tothe service provider over the application communication channel. Otherembodiments of this aspect include corresponding computer systems,apparatus, and computer programs recorded on one or more computerstorage devices, each configured to perform the actions of the methods.

According to another aspect, a device disclosed herein may include aprocessor, a voice communication interface, a application communicationinterface and a user interface configured to exchange information with aclient. The device may further include a non-volatile storage deviceincluding program code stored thereon, where the program code may beoperable when executed upon by the processor to display, on the userinterface, a validation of a first service provider communicationreceived at the voice communication interface, the validation receivedover the application communication interface of the device as a secondservice provider communication. The program code may be further operablewhen executed upon to display, on the user interface, a clientauthentication request. The device may forward a client authenticationresponse received at the user interface from a service provider over theapplication communication interface, the client authentication responseincluding at least one of a biometric input or ownership input receivedat the user interface from the client. Other embodiments of this aspectinclude corresponding computer systems, apparatus, and computer programsrecorded on one or more computer storage devices, each configured toperform the actions of the methods.

One general aspect includes a method for authenticating a communicationbetween a client and a service provider includes the steps of:initiating a voice communication to a client device by the serviceprovider over a voice communication channel. The method also includesinitiating a application communication by the service provider to theclient device over a application communication channel, the applicationcommunication including a notification of the voice communication. Themethod also includes the application communication requesting anauthentication response from the client associated with the clientdevice, the authentication response including a biometric input or aknowledge input from the client. The method also includes receiving theauthentication response by the service provider over the applicationcommunication channel. The method also includes selectively terminatingthe voice communication over the voice communication channel responsiveto the authentication response. Other embodiments of this aspect includecorresponding computer systems, apparatus, and computer programsrecorded on one or more computer storage devices, each configured toperform the actions of the methods.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of one embodiment of a data transmissionsystem configured to authenticate call center validation requests asdisclosed herein;

FIG. 2 is a block diagram of exemplary components that may be includedin embodiments of the servers of the system of FIG. 1;

FIG. 3 is a flow diagram illustrating exemplary steps that may beperformed by a client device to authenticate a call center communicationaccording to an embodiment disclosed herein;

FIG. 4 is a flow diagram illustrating exemplary steps that may beperformed by a service provider to validate call center communicationsaccording to an embodiment disclosed herein;

FIG. 5A is a data flow diagram provided to describe interactions betweena client device and a service provider for validating call centercommunications according to one embodiment disclosed herein;

FIG. 5B illustrates exemplary notification provided on a user interfaceof a client device supporting the methods disclosed herein; and

FIG. 6 is a block diagram illustrating one embodiment of a computersystem architecture that may be employed by the client device or serversdisclosed herein.

DETAILED DESCRIPTION

A multi-channel communication system and protocol are provided toimprove the security of client/call center interactions. In oneembodiment, a client may be notified over a trusted communicationchannel of the validity of a first service provider communication thathas been received or is to be received over a first communicationchannel. The first communication may relate to an application serviceprovided to the client by the service provider. The trustedcommunication channel may be a secure session established between theapplication service provided by the service provider and the clientdevice. For example, in some embodiments, the trusted communicationincludes a second communication, including a PUSH notification forwardedby the application service to the client device. Validating the serviceprovider communication over a trusted channel may increase clientconfidence in the authenticity of the service provider communication.Protocols that restrict disclosure of sensitive customer informationover a first communication channel pending receipt of validation overthe second, secure channel improve the security of client/servercommunications by reducing the risk of exposure to and/or exchange ofsensitive customer information.

In some embodiments, security may further be improved by additionallyauthenticating the client to the service provider, for example, byrequesting an authentication response from the client by the serviceprovider. In some embodiments, the authentication response may establisha client identity, a client knowledge and/or a client ownership. Theauthentication response may be forwarded to the service provider overthe trusted communication channel. The first communication may beselectively terminated in response to the authentication response, forexample, if the authentication response is incorrect.

In some embodiments, security may further be improved by providing, withthe authentication response, a keyword over the second communicationchannel. The keyword may subsequently be returned to the client over thefirst communication channel. Such an arrangement validates theauthenticity of both the client device and the service provider,increasing the security of the client/server communications and reducingthe opportunity for malicious interference and identity theft.

These and other features of the invention will now be described withreference to the figures, wherein like reference numerals are used torefer to like elements throughout.

As used in this application, the terms “system”, “component” and “unit”are intended to refer to a computer-related entity, either hardware, acombination of hardware and software, software, or software inexecution, examples of which are described herein. For example, acomponent can be, but is not limited to being, a process running on aprocessor, a processor, a hard disk drive, multiple storage drives (ofoptical and/or magnetic storage medium), an object, an executable, athread of execution, a program, and/or a computer. By way ofillustration, both an application running on a server and the server canbe a component. One or more components can reside within a processand/or thread of execution, and a component can be localized on onecomputer and/or distributed between two or more computers.

Further, components may be communicatively coupled to each other byvarious types of communications media to coordinate operations. Thecoordination may involve the uni-directional or bi-directional exchangeof information. For instance, the components may communicate informationin the form of signals communicated over the communications media. Theinformation can be implemented as signals allocated to various signallines. In such allocations, each message is a signal. Furtherembodiments, however, may alternatively employ data messages. Such datamessages may be sent across various connections. Exemplary connectionsinclude parallel interfaces, serial interfaces, and bus interfaces.

FIG. 1 illustrates a system 100 including one or more client devices 110coupled to a service provider 120 via a network 115. According to oneaspect, the client devices 110 comprise network-enabled computers andcommunicate with the service provider 120 via networks 115 and 125 toaccess service provider content and services.

As referred to herein, a network-enabled computer may include, but isnot limited to: e.g., a computer device, or communications deviceincluding, e.g., a server, a network appliance, a personal computer(PC), a workstation, a mobile device, a phone, a handheld PC, a personaldigital assistant (PDA), a thin client device, a fat client device, anInternet browser, or other device.

The client devices 110 thus can include a processor and a memory, and itis understood that the processing circuitry may contain additionalcomponents, including processors, memories, error and parity/CRCcheckers, data encoders, anti-collision algorithms, controllers, commanddecoders, security primitives and tamper-proofing hardware, as necessaryto perform the functions described herein. The client device 110 mayfurther include a display and input devices. The display may be any typeof device for presenting visual information such as a computer monitor,a flat panel display, and a mobile device screen, including liquidcrystal displays, light-emitting diode displays, plasma panels, andcathode ray tube displays. The input devices may include any device forentering information into the user's device that is available andsupported by the user's device, such as a touch-screen, keyboard, mouse,cursor-control device, touch-screen, microphone, digital camera, videorecorder or camcorder. These devices may be used to enter informationand interact with the software and other devices described herein.

One or more client devices 110 also may be a mobile device for example,such as an iPhone, iPod, iPad from Apple® or any other mobile devicerunning Apple's iOS operating system, any device running Microsoft'sWindows® Mobile operating system, and/or any other smartphone or likewearable mobile device.

Various client devices 110 of FIG. 1 include a cellular phone 142, alaptop 144, a tablet 148 and a terminal 146. Client devices 110 mayinclude a thin client application specifically adapted for communicationwith the service provider 120. The thin client application may be storedin a memory of the client device and be operable when executed upon bythe client device to control an interface between the client device anda service provider application, permitting a user at the client deviceto access service provider content and services.

In some examples, network 115 may be one or more of a wireless network,a wired network or any combination of wireless network and wired networkand may be configured to connect client device 110 to service provider120. For example, network 115 may include one or more of a fiber opticsnetwork, a passive optical network, a cable network, an Internetnetwork, a satellite network, a wireless local area network (LAN), aGlobal System for Mobile Communication, a Personal CommunicationService, a Personal Area Network, Wireless Application Protocol,Multimedia Messaging Service, Enhanced Messaging Service, Short MessageService, Time Division Multiplexing based systems, Code DivisionMultiple Access based systems, D-AMPS, Wi-Fi, Fixed Wireless Data, IEEE802.11b, 802.15.1, 802.11n and 802.11g, Bluetooth, NFC, Radio FrequencyIdentification (RFID), Wi-Fi, and/or the like.

In addition, network 115 may include, without limitation, telephonelines, fiber optics, IEEE Ethernet 902.3, a wide area network (“WAN”), awireless personal area network (“WPAN”), a local area network (“LAN”),or a global network such as the Internet. In addition, network 115 maysupport an Internet network, a wireless communication network, acellular network, or the like, or any combination thereof. Network 115may further include one network, or any number of the exemplary types ofnetworks mentioned above, operating as a stand-alone network or incooperation with each other. Network 115 may utilize one or moreprotocols of one or more network elements to which they arecommunicatively coupled. Network 115 may translate to or from otherprotocols to one or more protocols of network devices.

It should be appreciated that according to one or more examples, network115 may be part of a plurality of interconnected networks, such as, forexample, the Internet, a service provider's private network 125, a cabletelevision network, corporate networks, such as credit card associationnetworks, and home networks. In addition, private network 125 may beimplemented as a virtual private network layered upon network 115.

Service provider 120 is, in one embodiment, a business providingcomputer-based services to clients over a network 115. Almost all modernservice providers use the internet to provide service offerings topotential consumers. The service offerings are generally provided in theform of software applications which operate using dedicated resources ofthe service provider. The combination of the software and hardware thatprovides a particular service to a client is referred to herein as a‘server.’ For example, application server 160 may provide one or moreservices to clients of the service provider 120. The servers maycommunicate over a private network 125 of the service provider, oftenreferred to as a corporate or enterprise network. The private network125 may comprise a wireless network, a wired network, or any combinationof wireless network and wired network as described above with regard tonetwork 115.

In some embodiments, service providers may share services amongdifferent applications and may have dedicated servers to support thetasks of shared services. Examples of such servers include anauthentication server 140 and a Customer Relationship Manager (CRM)server 150. In some embodiments, the authentication server 140 maymanage a client's access to data and services of the service provider120, for example, by validating user credentials and access privileges.The authentication server 140 may store information related to clientsin tables, either locally on the server 140, or in a remote storagedevice 130. The storage device 130 may be comprised of coupled dataresources comprising any combination of local storage, distributed datacenter storage, or cloud-based storage.

A CRM server 150 may manage on line and in person support for thevarious application services provided by the service provider 120. Forexample, a CRM server 150 may manage a call center that a client maycontact to add or manage services provided by the service provider. Insome embodiments, the CRM server 150 may utilize the authenticationserver 140, for example, to validate user credential before exchangingsensitive information with a client. In some embodiments, a call centeragent may interact with the CRM server 150 via a workstation 145 orsimilar device. The call center agent may be forwarded client contactinformation, for example, to contact a client that has registered anissue or requested information related to a service providerapplication.

Often the interaction between the CRM involves the exchange of sensitivecustomer information such as a password, social security number, keywordor another token that is used by the call center agent to validate theidentity of a client. According to one aspect, a CRM 150 may beconfigured as disclosed herein to validate the call center agent as atrue service provider representative, thereby validating the origin ofthe service provide communication and increasing client trust in thesecurity provided by the service provider. In one embodiment, the CRM150 may be configured to communicate with a client device over a trustedchannel separate from a call center channel (e.g. voice communicationchannel), where the communication over the trusted channel providesnotification to the client about the validity of the origin or source ofthe voice communication. Such an arrangement may be useful to validatesolicited and/or unsolicited service provider calls and provide comfortto the client that the person at the other end of the phone is a trustedcall center agent.

FIG. 2 is a block diagram illustrating exemplary components of a systemincluding a CRM server 150 and an application server 160. The CRM server150 is shown to include a Public Switched Telephone Network (PSTN)interface 210, an Internet Protocol Network interface 212, a processor214 and a memory 215. The memory 215 may store CRM program code 216operable when executed upon by the processor 214 to perform a method ofvalidating call center/client communications as disclosed herein.

The application server 160 includes an IP network interface 260, aprocessor 264 and a memory 270. In one embodiment, the applicationserver 160 may store a client authentication table 272. The clientauthentication table 272 may store user credential, access privilegesand other security information for clients, including but not limited toaccount names, account numbers, user names, passwords, tax id numbers,query/response pairs, biometric information, etc. In other embodiments,the application server 160 may communicate with an authentication serverto validate client requests as described herein.

The application server 160 may also include application program code 274which enables a client to access a service of the service provider. Forexample, the application program code may host or otherwise manage acustomer facing web application through which the client is able toaccess and/or manage their account.

FIG. 2 illustrates two communication channels. Communication channel 200may be, for example, a Public Switched Telephone Network (PSTN),cellular network or combination thereof that supports voice callsbetween individuals.

Communication channel 250 may be a wireless or wireline network, or acombination thereof, which supports Internet Protocol (IP)communications between software applications, for example, softwareapplications running on the application server 160, CRM 150 and/or oneor more client devices 110 (FIG. 1)

According to one aspect, a communication initiated by the CRM 150 overcommunication link 200 to a client device is validated by the CRM server150 through a second, trusted communication channel. For example,concurrently with, substantially concurrently with, prior to or afterthe initiation of a phone call by the CRM to the client, the CRM mayrequest the application server to PUSH or otherwise transmit anotification to the client over a communication channel 250, for exampleas part of a secure session established between the application server160 and the client 110. With such an arrangement, the client receivescontemporaneous dual channel validation to establish the authenticity ofthe call.

In some embodiments, the application server 160 may also forward arequest to the client over the channel, the request seekingauthentication data from the client. In some embodiments, theauthentication data may include a password, biometric input, fob number,card number, query response, etc. The application server may comparereceived authentication data against information for the client that isstored in the client authentication table 272 and communicate thevalidation of the client to the CRM 150. In some embodiments, the CRM150 may use the validation of the client as a prerequisite to servingthe client.

Referring now to FIG. 3, an exemplary process 300 that may be performedby a client device interacting with a CRM to validate client/call agentcommunications is shown. At step 310, the client may receive, over afirst communication channel by a client device, a first service providercommunication from the service provider. For example, this communicationmay include a call from a service provider call center. The call may bemade to the client in response to a call request input by the client, ordue to a call trigger condition being experienced by the serviceprovider. For example, the call trigger condition may be that unusualactivity has occurred on a client account. At step 320, the client alsoreceives a second communication over a second communication channel. Insome embodiments, the second communication is a trusted communicationchannel between an application service of the service provider and theclient. The trusted communication channel may be a session establishedbetween the client and the service provider. The second communicationmay be forwarded by the application server to the client as a PUSHcommand that includes a prompt or other notice of an impending call fromthe service provider.

In one embodiment, at step 330, the client device further receives arequest for authentication data. The request for authentication data mayseek information such as a password, query response, biometric input,etc. The biometric input includes one or more of a facial feature, afingerprint, a hand geometry, an iris scan, a retinal scan, a bloodpressure scan or a voice scan. The input may be provided via aninterface of the client device, such as a scanner, a camera, keypad,touchpad, microphone, etc. At step 350, the client device receives theauthentication response via the user interface, and at step 360 forwardsthe response to the CRM server using the second communication channel.

With such an arrangement, the call center agent is authenticated to theclient, and the client is authenticated to the call center agent. Invarious embodiments, should the client fail to receive the validationnotification, or the client fails to provide the appropriateauthentication response, the call may be terminated. In one embodiment,along with the authentication response, the client may further forward akeyword or voice clip, that may be repeated or replayed to the client atthe start of the call to further assure the client of the securing ofthe call exchange.

FIG. 4 illustrates various steps of a process 400 that may be performedby the CRM 150 for authenticating communication between a client and aservice provider. At step 410, the call center agent initiates the firstcommunication to a client device by the service provider over a firstcommunication channel. For example, the call center agent may click on aphone number of the client presented to the call center agent on a CRMapplication interface to initiate a call with the client. Initiating thecall sets up the first communication link over the cellular/PSTNnetwork.

At step 420, The method also includes initiating a second communicationby the service provider to the client device over a second communicationchannel, the second communication, including notification of the firstcommunication. Receipt of the second communication validates the firstcommunication, thereby increasing the trust of the user in the securityof any exchange of sensitive information.

At step 430, in one embodiment the method includes requesting anauthentication response from the client associated with the clientdevice, the authentication response including a biometric input or aknowledge input from the client

At step 440, the service provider receives the authentication responsefrom the client and compares the authentication response against anexpected authentication response for the client. In the event of amatch, the call agent may continue the call. In the event of a mismatchbetween the client response and the expected response, at step 450 thecall agent may terminate the call or forward the call for remediation.In some embodiments, the client may gain further assurances about thesecurity of the link by providing, with the authentication response overthe second communication channel, a keyword, voice clip, image or otherinput which may be played back to the client by the call agent via thefirst communication link.

FIG. 5A is a dataflow diagram provided to illustrate one embodiment of aclient/call center authentication process 500 that provides improvedsecurity for client information. At step 501 the call center 520initiates a call via a first communication channel to the client device550. As mentioned previously, the first communication channel may use acellular network, telephony network, an IP network or any networkcapable of supporting bilateral communication between the client and thecall center. Although the first communication link may support voicecommunications, it is appreciated that bilateral communication linkssuch as chat sessions are within the scope of this disclosure.

At step 502, the call center 520 further initiates a secondcommunication to the client device 550, for example by instructing atrusted application service to PUSH a notification of the impending callissued at step 501 to the client device 550. When at step 502 an agentat the call center 520 initiates the notification process, the agentsends a PUSH request to a separate application service 560. Inembodiments such as FIG. 5A, the application service 560 may be or mayuse a cloud based service, where a cloud based service usesapplications, services or resources made available to users on demandthrough shared resources of a cloud based service provider. In someembodiments, the application service is a service provided by theservice provider for managing the account related to the serviceprovider communication. For example, the application service may be anaccount management service of the service provider. At step 503, theapplication service issues the requested PUSH to the client device.

FIG. 5B illustrates one example of a user interface of a device 550configured to display a validation notification such as notification 510that has been pushed over the second communication channel to the clientThe notification may be, for example, a notification of an impendingcall and/or a validation of an existing call connection. In the exampleof a notification of an existing call, the notification may relate to anew client/call center interaction, for example on initiated by the callcenter but received after the call has been received by the call center.In some embodiments, the call center may send such notification to theclient at any point during a communication when the client requestsfurther authenticity of the call center agent.

In the example of FIG. 5B, the validation notification providesassurances to the client that an incoming communication is from theirservice provider. For example, the notification of FIG. 5B that ‘Youshould receive a call from your service provider within 5 minutes’establishes authenticity of the incoming call.

In some embodiments, the pushed notification may further include anauthentication request. The authentication request may be useful inensuring that the client that possesses the client device that is beingused to establish the communication link with the call center isauthorized to discuss the client account with the service provider. Asshown in FIG. 5B, the authentication request may be provided as a prompt512 on the user interface of the client device 550.

In some embodiments, the authentication request may seek informationestablishing one or more of knowledge, ownership and/or identity.Knowledge may be established through the use of passwords, queryresponses or known client quantities, such as last transaction values,account numbers, tax identification numbers, etc. Ownership may beestablished by the client providing a token from a possessed item, suchas a card or key fob. Identity may be gleaned by scanning biometricscans such as fingerprint scans, iris scan, facial scans, etc.

In some embodiments, the user interface may also include an optionenabling the user to return a voice clip, keyword or other sessionvalidating information to the call center agent over the second channel.The session validating information may be played back or otherwisepresented to the client as part of the first communication. The sessionvalidation information helps to validate the connection between thesecond communication channel and the first communication channel to theclient, thereby increasing client confidence in the call center. In someembodiments, the option may be provided as button or link that ispresented on the user interface which, when selected, permits the clientto enter the session validating information.

Returning again to FIG. 5A, at step 504 the response is returned to theapplication service 560. In some embodiments, the application service560 may perform validation of the authentication response. In otherembodiments, the application service 560 may communicate with anauthentication service which stores client authentication information.Whichever entity manages authentication, at step 505 the applicationservice forwards the authentication result to the call center 520. Inembodiments where the user has also forwarded session validatinginformation (such as a voice clip or keyword), the session validatinginformation may be further forwarded to the call center.

In the event that the authorization response validates the client, atstep 506, the call center may communicate, over the first communicationlink, that appropriate authentication responses have been received, andmay begin management of the customer issue that originated the call. Insome embodiments, the call center may also play, display otherwisecommunicate the session validating information to the client, providingclient confidence in the validity and relationship between the first andsecond communication pathways.

Accordingly, a system and method for increasing the trust and securityfor call center/client has been shown and described. The method includesvarious steps in a process which may be implemented in hardware,software or a combination thereof.

Referring now to FIG. 6, one embodiment of an exemplary computingarchitecture 900 which may be implemented at the client device, CRMserver, application server etc., to support the processes disclosedherein is provided. In various embodiments, the computing architecture900 may comprise or be implemented as part of an electronic device thatincludes greater or fewer of the components shown in FIG. 6. Thecomputing architecture 900 is configured to implement all logic,applications, systems, methods, apparatuses, and functionality describedherein.

The computing system 902 includes various common computing elements,such as one or more processors, multi-core processors, co-processors,memory units, chipsets, controllers, peripherals, interfaces,oscillators, timing devices, video cards, audio cards, multimediainput/output (I/O) components, power supplies, and so forth. Theembodiments, however, are not limited to implementation by the computingsystem 902.

As shown in FIG. 6, the computing system 902 comprises a processor 904,a system memory 906 and a system bus 908. The processor 904 can be anyof various commercially available computer processors. Dualmicroprocessors, multi-core processors, and other multi-processorarchitectures may also be employed as the processor 904.

The system bus 908 provides an interface for system componentsincluding, but not limited to, the system memory 906 to the processor904. The components may be controlled by interfaces, for example diskdevices may be controlled according to their various protocols byinterfaces 924, 926, and 928. Network communications may be controlledby network adapter 956. The system memory 906 may include various typesof computer-readable storage media in the form of one or more higherspeed memory units including non-volatile memory 910 and/or volatilememory 912. A basic input/output system (BIOS) can be stored in thenon-volatile memory 910.

The computing system 902 may include various types of computer-readablestorage media in the form of one or more lower speed memory units,including an internal (or external) hard disk drive (HDD) 914, amagnetic floppy disk drive (FDD) 916 to read from or write to aremovable magnetic disk 918, and an optical disk drive 920 to read fromor write to a removable optical disk 922 (e.g., a CD-ROM or DVD). Thedrives and associated computer-readable media provide volatile and/ornonvolatile storage of data, data structures, computer-executableinstructions, and so forth. For example, a number of program modules canbe stored in the drives and memory units 910, 912, including anoperating system 930, one or more application programs 932 including adrive controller program as described with regard to FIG. 6, otherprogram modules 934, and program data 936. For example, the controllerprogram may store program data including the expected plurality ofreceived distal forces associated with a zero-force/working position ina storage device of the processor.

A user can enter commands and information into the computing system 902through one or more wire/wireless input devices, for example, a keyboard938 and a pointing device, such as a mouse 940. Other input devices mayinclude microphones, infra-red (IR) remote controls, radio-frequency(RF) remote controls, game pads, stylus pens, card readers, dongles,finger print readers, gloves, graphics tablets, joysticks, keyboards,retina readers, touch screens (e.g., capacitive, resistive, etc.),trackballs, trackpads, sensors, styluses, and the like. These and otherinput devices are often connected to the processor 904 through an inputdevice interface 942 that is coupled to the system bus 908 but can beconnected by other interfaces.

A monitor 944 or other type of display device is also connected to thesystem bus 908 via an interface, such as a video adaptor 946. Thecomputing system 902 may operate in a networked environment usinglogical connections via wire and/or wireless communications to one ormore remote computers, such as a remote computer 948 including amemory/storage device 950. The logical connections depicted includewire/wireless connectivity to a local area network (LAN) 952 and/orlarger networks, for example, a wide area network (WAN) 954. Thecomputing system 902 may also be operable to communicate with wired andwireless devices or entities using the IEEE 802 family of standards. Oneor more aspects of at least one embodiment may be implemented byrepresentative instructions stored on a machine-readable medium whichrepresents various logic within the processor, which when read by amachine causes the machine to fabricate logic to perform the techniquesdescribed herein.

Accordingly, a system and method has been described that utilizesmulti-channel communication to increase security and improve confidencein client/call center communications. Some embodiments may be describedusing the expression “one embodiment” or “an embodiment” along withtheir derivatives. These terms mean that a particular feature,structure, or characteristic described in connection with the embodimentis included in at least one embodiment. The appearances of the phrase“in one embodiment” in various places in the specification are notnecessarily all referring to the same embodiment. Moreover, unlessotherwise noted the features described above are recognized to be usabletogether in any combination. Thus, any features discussed separately maybe employed in combination with each other unless it is noted that thefeatures are incompatible with each other.

With general reference to notations and nomenclature used herein, thedetailed descriptions herein may be presented in terms of functionalblocks or units that might be implemented as program procedures executedon a computer or network of computers. These procedural descriptions andrepresentations are used by those skilled in the art to most effectivelyconvey the substance of their work to others skilled in the art.

A procedure is here, and generally, conceived to be a self-consistentsequence of operations leading to a desired result. These operations arethose requiring physical manipulations of physical quantities. Usually,though not necessarily, these quantities take the form of electrical,magnetic or optical signals capable of being stored, transferred,combined, compared, and otherwise manipulated. It proves convenient attimes, principally for reasons of common usage, to refer to thesesignals as bits, values, elements, symbols, characters, terms, numbers,or the like. It should be noted, however, that all of these and similarterms are to be associated with the appropriate physical quantities andare merely convenient labels applied to those quantities.

Further, the manipulations performed are often referred to in terms,such as adding or comparing, which are commonly associated with mentaloperations performed by a human operator. No such capability of a humanoperator is necessary, or desirable in most cases, in any of theoperations described herein, which form part of one or more embodiments.Rather, the operations are machine operations. Useful machines forperforming operations of various embodiments include general purposedigital computers or similar devices.

Some embodiments may be described using the expression “coupled” and“connected” along with their derivatives. These terms are notnecessarily intended as synonyms for each other. For example, someembodiments may be described using the terms “connected” and/or“coupled” to indicate that two or more elements are in direct physicalor electrical contact with each other. The term “coupled,” however, mayalso mean that two or more elements are not in direct contact with eachother, but still co-operate or interact with each other.

Various embodiments also relate to apparatus or systems for performingthese operations. This apparatus may be specially constructed for therequired purpose or it may comprise a general-purpose computer asselectively activated or reconfigured by a computer program stored inthe computer. The procedures presented herein are not inherently relatedto a particular computer or other apparatus. Various general-purposemachines may be used with programs written in accordance with theteachings herein, or it may prove convenient to construct morespecialized apparatus to perform the required method steps. The requiredstructure for a variety of these machines will appear from thedescription given.

It is emphasized that the Abstract of the Disclosure is provided toallow a reader to quickly ascertain the nature of the technicaldisclosure. It is submitted with the understanding that it will not beused to interpret or limit the scope or meaning of the claims. Inaddition, in the foregoing Detailed Description, various features aregrouped together in a single embodiment to streamline the disclosure.This method of disclosure is not to be interpreted as reflecting anintention that the claimed embodiments require more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive subject matter lies in less than all features of asingle disclosed embodiment. Thus, the following claims are herebyincorporated into the Detailed Description, with each claim standing onits own as a separate embodiment. In the appended claims, the terms“including” and “in which” are used as the plain-English equivalents ofthe respective terms “comprising” and “wherein,” respectively. Moreover,the terms “first,” “second,” “third,” and so forth, are used merely aslabels, and are not intended to impose numerical requirements on theirobjects.

What has been described above includes examples of the disclosedarchitecture. It is, of course, not possible to describe everyconceivable combination of components and/or methodologies, but one ofordinary skill in the art may recognize that many further combinationsand permutations are possible. Accordingly, the novel architecture isintended to embrace all such alterations, modifications and variationsthat fall within the spirit and scope of the appended claims.

What is claimed is:
 1. A system, comprising: memory; one or moreprocessors coupled with memory, the one or more processors, configuredto execute instructions, to: initiate a call with a client device over afirst communication channel to communicate voice communications; send anotification over a second communication channel with the client device,the notification to validate the call; send an authentication requestover the second communication with the client device, the authenticationrequest to request an authentication response from a user of the clientdevice to authenticate the user; receive the authentication responsefrom the client device over the second communication channel; andselectively terminate or permit the voice communication over the voicecommunication channel responsive to the authentication response.
 2. Theapparatus of claim 1, the one or more processors to initiate anapplication service to communicate over the second communication channelwith the client device.
 3. The apparatus of claim 2, wherein theapplication service to send the notification as a PUSH notificationduring an application session with the client device.
 4. The apparatusof claim 3, wherein the authentication response is received from theclient device during the application session with the client device. 5.The apparatus of claim 1, wherein the authentication response comprisesa keyword for use as a second authentication of the voice communication,the keyword provided to the service provider over the applicationcommunication channel.
 6. The apparatus of claim 5, the one or moreprocessors to communicate the keyword client device over the firstcommunication channel.
 7. The apparatus of claim 1, wherein thenotification is a text message to indicate the call, and the one or moreprocessors to send the notification prior to initiate the call.
 8. Theapparatus of claim 1, wherein the first communication channel includesone or more of a cellular network or a telephone network, and the secondcommunication channel includes an internet protocol communication linkbetween an application service and an application of the client device.9. The apparatus of claim 1, wherein the authentication requestcomprises a request for the user to provide a biometric input or anownership input, and wherein the ownership input comprises wherein theownership input comprises a fob input or card input.
 10. Acomputer-implemented method, comprising: initiating, by a system, a callwith a client device over a first communication channel to communicatevoice communications; communicating, by the system, a notification overa second communication channel with the client device, the notificationto validate the call; communicating, by the system, an authenticationrequest over the second communication with the client device, theauthentication request to request an authentication response from a userof the client device to authenticate the user; receiving, by the system,the authentication response from the client device over the secondcommunication channel; and selectively terminating or permitting, by thesystem, the voice communication over the voice communication channelresponsive to the authentication response.
 11. The computer-implementedmethod of claim 10, comprising initiating, by the system, an applicationservice to communicate over the second communication channel with theclient device.
 12. The computer-implemented method of claim 11, whereinthe application service to send the notification as a PUSH notificationduring an application session with the client device.
 13. Thecomputer-implemented method of claim 12, wherein the authenticationresponse is received from the client device during the applicationsession with the client device.
 14. The computer-implemented method ofclaim 11, wherein the authentication response comprises a keyword foruse as a second authentication of the voice communication, the keywordprovided to the service provider over the application communicationchannel.
 15. The computer-implemented method of claim 14, comprisingcommunicating, by the system, the keyword client device over the firstcommunication channel.
 16. The computer-implemented method of claim 11,wherein the notification is a text message to indicate the call, and theone or more processors to send the notification prior to initiate thecall.
 17. The computer-implemented method of claim 11, wherein the firstcommunication channel includes one or more of a cellular network or atelephone network, and the second communication channel includes aninternet protocol communication link between an application service andan application of the client device.
 18. The computer-implemented methodof claim 11, wherein the authentication request comprises a request forthe user to provide a biometric input or an ownership input, and whereinthe ownership input comprises wherein the ownership input comprises afob input or card input.
 19. A non-transitory computer-readable mediumcomprising a set of instructions that, in response to being executed onone or more processors of a system, cause the one or more processors to:initiate a call with a client device over a first communication channelto communicate voice communications; send a notification over a secondcommunication channel with the client device, the notification tovalidate the call; send an authentication request over the secondcommunication with the client device, the authentication request torequest an authentication response from a user of the client device toauthenticate the user; receive the authentication response from theclient device over the second communication channel; and selectivelyterminate or permit the voice communication over the voice communicationchannel responsive to the authentication response.